Restricting access via Geo Location

Ashley Grant

LogonBox supports the ability to restrict access to the server based on geo location data, much like blocking or allowing access to specific IP addresses or ranges.

In order to utilise this particular feature it is required to configure an IPStack API, these settings can be found in System Configuration->IP Restrictions.

An IPStack API Key can be acquired from https://ipstack.com/.

On this page, you can also choose to use DNS Reverse Lookups which can then be used to allow/reject IP Restrictions by hostname.

 

To begin configuring a restriction navigate to Administration->Networking->Geo Restrictions.

 

Creating a Geo Restriction to Allow Locations

1. To begin creating the Geo Restriction select the Create option and the Create Geo Restriction window will open.

 

2. Set a Name, in this case we're going to make rule to allow access from specific European countries so we'll name this Allow Europe Offices.

3. In the Countries section, set the countries that you want to have access to the system. You can use the Search field here to start writing a country name and the list will be updated to only show matching countries. Add the countries you want to the Included field using the arrow button.

 

 

4. The Services option allows you to select which specific services that the server provides you would like this rule to.

5. The Operation option can be set to Allow or Deny, in this case we want to set Allow.

6. Click Create and the Geo Restriction will be saved and added to the list.

 

As we have set an Allow rule, by default this will mean that all other countries will now be denied.

If you have more than one restriction set, these are processed in order. 

 

Creating a Geo Restriction to Deny Locations

1. As stated above select the Create option to open the creation window and set the details we need for a Deny rule.

2. In this case we're denying Unknown locations, and want to have the Operation option set to Deny.

 

 3. Select Create and the Deny rule is created and displayed in the list.

 

As we have chosen to deny Unknown, this will mean that only user IP addresses that we can map to a country will be allowed to log on to the system.